package com.zx.mes.hyl.service.impl;

import com.zx.mes.hyl.entity.SysUser;
import com.zx.mes.hyl.service.RbacService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;

/**
 * 授权接口实现
 * @author huayunlong
 * @date 2018-7-10
 */
@Component
public class RbacServiceImpl implements RbacService{

    private Logger logger = LoggerFactory.getLogger(getClass());

    private AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {

        Object principal = authentication.getPrincipal();

        boolean hasPermission = false;

        logger.info("当前操作需要的权限:[{}]",request.getRequestURI());

        //如果用户名是admin，就永远返回true
        if (StringUtils.equals(((SysUser) principal).getName(), "admin")) {
            hasPermission = true;
        }

        return hasPermission;
    }
}
